Digital privacy in California

Consumer privacy law coming in 2020

On June 28 California passed a digital privacy law granting consumers more control over, and insight into, their online personal information. Though not as expansive as the European Union’s recently enacted General Data Protection Regulation (GDPR), the new law is one of the most significant regulations to watch over the data collection practices of online companies in the United States.

Called the California Consumer Privacy Act, the law grants consumers the right to know what information is being collected about them, why that data is being collected, and with whom it is shared. In addition, customers will have the right to demand that companies delete their information, as well as to not sell or share their data.

Predictably, the new law will also make it easier for consumers to sue companies after a data breach, and gives the California attorney general more authority to fine companies that don’t play by the rules.

Alastair Mactaggart

Signed into law by Governor Jerry Brown, the legislation goes into effect in January 2020 and is modeled closely on a ballot initiative proposed by real estate developer Alastair Mactaggart (photo above). Mactaggart spent over $3 million and gathered over 600,000 signatures to get his initiative certified.

However, concerned that rankled technology companies would outspend him and reverse public opinion before November, Mactaggart agreed to pull the initiative in exchange for the passage of the California Consumer Privacy Act.

“I feel like it’s the first step, and the country’s going to follow. Everybody is finally waking up to the importance of digital privacy.”

— Alastair Mactaggart / San Francisco real estate developer

Consumer rights under the law

Proposed rights under the new California Consumer Privacy Act:

Right to know all your personal data that is collected by a business

Right to be informed of what categories of data will be collected about you before it’s collected

Right to be informed of any changes to data that’s collected

Right to have your data deleted

Right to say no to the sale of your data

Right to know the categories of third parties with whom your data is shared

Right to know from where your data was acquired

Right to know why your personal information is being collected

Right to sue companies after a data breach

Mandatory opt-in before sale of children’s information (under the age of 16)

Enforcement of the new law by the California attorney general

More headaches for small business?

For smaller businesses, the new law may not be as scary as it sounds. To be affected a company must fall into at least one of the following three categories:

Have annual gross revenues in excess of $25 million ($25,000,000)

Annually buys, receives, sells, or shares (alone or in combination) for commercial purposes, the personal information of 50,000 or more consumers, households, or devices

Gets 50% or more of its annual revenues from selling personal consumer information

Don’t panic just yet

Even if you’re included in one of the above categories, the California Consumer Privacy Act won’t go into effect until January 2020. Over the next 18 months, lawmakers claim that they’ll work to resolve any issues that emerge — particularly as they relate to potential consumer lawsuits. Just don’t wait too long to get organized. The GDPR caught many U.S. businesses by surprise and a lot of IT departments are still scrambling to comply.

What is the GDPR?

The European Union’s General Data Protection Regulation (GDPR) went into effect on May 25, 2018. In short, it is a complex and sweeping consumer privacy regulation that imposes severe fines on companies that collect, store, and share personal information from residents of the European Union (EU), regardless of the where that company is located.

Although your company may target a very narrow slice of the globe far away from the EU, it would still be prudent to update your website to reflect the spirit of the new regulations. Privacy is an incendiary topic and it makes sense to keep in line with current legal trends — wherever they may originate. Besides, I suspect that the United States (and the rest of the world) may follow suit with equally rigorous standards in the future. Learn more

Share this:

About Philip Papeman

Philip Papeman is the proprietor of Ern Berck Digital, a web design studio in Chico, California. He helps small businesses with thorny problems, individuals with great ideas, and everyone in between. He's a fanatic for simplicity.